Hello Namjil,
This line mean that radius works.
Jan 24 22:45:04 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] handling
radius autz request: from switch_ip => (10.0.0.2), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (00:3a:98:1e:c6:20), mac =>
[34:4d:f7:4a:dc:5f], port => 292, username => "344df74adc5f", ssid =>
PacketFence-Public (pf::radius::authorize)
Can you check the radius audit log to see exactly what is the radius
request and the radius anwer ?
Regards
Fabrice
Le 2017-01-24 à 23:02, Namjil a écrit :
>
> Dear All
>
>
>
> I’m new one on packetfence. I installed and setup PFence ZEN 6.4.0 on
> VMware.
>
> My network diagram is shown below:
>
>
>
> | VMware |
>
> | PFence | <--trunk--> SW <--trunk--> RTR <--trunk--> SW <--trunk-->
> AIR-AP1242G-E-K9
>
>
>
> PFence management IP: 192.168.140.1
>
> RTR IP: 192.168.140.2
>
> 10.0.0.1
>
> AP IP: 10.0.0.2
>
>
>
> Then I try connect to SSID, following LOG on AP:
>
>
>
> *Jan 25 11:27:57.635: %RADIUS-4-RADIUS_DEAD: RADIUS server
> 192.168.140.1:1812,1813 is not responding.
>
> *Jan 25 11:27:57.636: %RADIUS-4-RADIUS_ALIVE: RADIUS server
> 192.168.140.1:1812,1813 is being marked alive.
>
> *Jan 25 11:28:07.075: %DOT11-7-AUTH_FAILED: Station 344d.f74a.dc5f
> Authentication failed
>
>
>
> PFence LOG:
>
>
>
> tail –f /usr/local/pf/logs/packetfence.log
>
>
>
> Jan 24 22:45:04 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] handling
> radius autz request: from switch_ip => (10.0.0.2), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (00:3a:98:1e:c6:20), mac =>
> [34:4d:f7:4a:dc:5f], port => 292, username => "344df74adc5f", ssid =>
> PacketFence-Public (pf::radius::authorize)
>
> Jan 24 22:45:04 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f]
> Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>
> Jan 24 22:45:04 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] is of
> status unreg; belongs into registration VLAN
> (pf::role::getRegistrationRole)
>
> Jan 24 22:45:04 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f]
> (10.0.0.2) Added VLAN 130 to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
>
> Jan 24 22:45:07 pfsetvlan(2) INFO: nb of items in queue: 1; nb of
> threads running: 0 (main::startTrapHandlers)
>
> Jan 24 22:45:07 pfsetvlan(2) INFO: Memory configuration is not valid
> anymore for key config::Switch in local cached_hash
> (pfconfig::cached::get_from_subcache)
>
> Jan 24 22:45:07 pfsetvlan(2) INFO: doWeActOnThisTrap returns false.
> Stop dot11Deauthentication handling (main::handleTrap)
>
> Jan 24 22:45:07 pfsetvlan(3) INFO: nb of items in queue: 1; nb of
> threads running: 0 (main::startTrapHandlers)
>
> Jan 24 22:45:07 pfsetvlan(3) INFO: doWeActOnThisTrap returns false.
> Stop dot11Deauthentication handling (main::handleTrap)
>
> Jan 24 22:45:07 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
>
> Jan 24 22:45:07 pfsetvlan(2) INFO: finished (main::cleanupAfterThread)
>
> Jan 24 22:45:25 pfsetvlan(5) INFO: nb of items in queue: 1; nb of
> threads running: 0 (main::startTrapHandlers)
>
> Jan 24 22:45:25 pfsetvlan(5) INFO: doWeActOnThisTrap returns false.
> Stop dot11Deauthentication handling (main::handleTrap)
>
> Jan 24 22:45:25 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
>
> Jan 24 22:47:08 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] handling
> radius autz request: from switch_ip => (10.0.0.2), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (00:3a:98:1e:c6:20), mac =>
> [34:4d:f7:4a:dc:5f], port => 293, username => "344df74adc5f", ssid =>
> PacketFence-Public (pf::radius::authorize)
>
> Jan 24 22:47:08 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f]
> Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>
> Jan 24 22:47:08 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] is of
> status unreg; belongs into registration VLAN
> (pf::role::getRegistrationRole)
>
> Jan 24 22:47:08 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f]
> (10.0.0.2) Added VLAN 130 to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
>
> Jan 24 22:47:29 pfsetvlan(3) INFO: nb of items in queue: 1; nb of
> threads running: 0 (main::startTrapHandlers)
>
> Jan 24 22:47:29 pfsetvlan(3) INFO: doWeActOnThisTrap returns false.
> Stop dot11Deauthentication handling (main::handleTrap)
>
> Jan 24 22:47:29 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
>
> Jan 24 22:47:52 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] handling
> radius autz request: from switch_ip => (10.0.0.2), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (00:3a:98:1e:c6:20), mac =>
> [34:4d:f7:4a:dc:5f], port => 294, username => "344df74adc5f", ssid =>
> PacketFence-Public (pf::radius::authorize)
>
> Jan 24 22:47:52 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f]
> Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>
> Jan 24 22:47:52 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f] is of
> status unreg; belongs into registration VLAN
> (pf::role::getRegistrationRole)
>
> Jan 24 22:47:52 httpd.aaa(6130) INFO: [mac:34:4d:f7:4a:dc:5f]
> (10.0.0.2) Added VLAN 130 to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
>
> Jan 24 22:48:15 pfsetvlan(2) INFO: nb of items in queue: 1; nb of
> threads running: 0 (main::startTrapHandlers)
>
> Jan 24 22:48:15 pfsetvlan(2) INFO: doWeActOnThisTrap returns false.
> Stop dot11Deauthentication handling (main::handleTrap)
>
> Jan 24 22:48:15 pfsetvlan(2) INFO: finished (main::cleanupAfterThread)
>
>
>
> Radius LOG:
>
>
>
> tail –f /usr/local/pf/logs/radius.log
>
>
>
> Tue Jan 24 22:42:12 2017 : Info: rlm_rest (rest): Need 1 more
> connections to reach 10 spares
>
> Tue Jan 24 22:42:12 2017 : Info: rlm_rest (rest): Opening additional
> connection (99), 1 of 62 pending slots used
>
> Tue Jan 24 22:42:12 2017 : Info: rlm_sql (sql): Need 1 more
> connections to reach 10 spares
>
> Tue Jan 24 22:42:12 2017 : Info: rlm_sql (sql): Opening additional
> connection (100), 1 of 62 pending slots used
>
> Tue Jan 24 22:42:12 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
> returned VLAN 130
>
> Tue Jan 24 22:42:12 2017 : Auth: (147) Login OK: [344df74adc5f] (from
> client 10.0.0.2 port 289 cli 34:4d:f7:4a:dc:5f)
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_rest (rest): Closing connection
> (98): Hit idle_timeout, was idle for 179 seconds
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_rest (rest): Closing connection
> (97): Hit idle_timeout, was idle for 141 seconds
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_rest (rest): Closing connection
> (99): Hit idle_timeout, was idle for 141 seconds
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_rest (rest): Opening additional
> connection (100), 1 of 64 pending slots used
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_rest (rest): Need 2 more
> connections to reach 10 spares
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_rest (rest): Opening additional
> connection (101), 1 of 63 pending slots used
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_sql (sql): Closing connection
> (99): Hit idle_timeout, was idle for 179 seconds
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_sql (sql): Closing connection
> (98): Hit idle_timeout, was idle for 141 seconds
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_sql (sql): Closing connection
> (100): Hit idle_timeout, was idle for 141 seconds
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_sql (sql): Opening additional
> connection (101), 1 of 64 pending slots used
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_sql (sql): Need 2 more
> connections to reach 10 spares
>
> Tue Jan 24 22:44:33 2017 : Info: rlm_sql (sql): Opening additional
> connection (102), 1 of 63 pending slots used
>
> Tue Jan 24 22:44:33 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
> returned VLAN 130
>
> Tue Jan 24 22:44:33 2017 : Auth: (148) Login OK: [344df74adc5f] (from
> client 10.0.0.2 port 290 cli 34:4d:f7:4a:dc:5f)
>
> Tue Jan 24 22:44:57 2017 : Info: rlm_rest (rest): Need 1 more
> connections to reach 10 spares
>
> Tue Jan 24 22:44:57 2017 : Info: rlm_rest (rest): Opening additional
> connection (102), 1 of 62 pending slots used
>
> Tue Jan 24 22:44:57 2017 : Info: rlm_sql (sql): Need 1 more
> connections to reach 10 spares
>
> Tue Jan 24 22:44:57 2017 : Info: rlm_sql (sql): Opening additional
> connection (103), 1 of 62 pending slots used
>
> Tue Jan 24 22:44:57 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
> returned VLAN 130
>
> Tue Jan 24 22:44:57 2017 : Auth: (149) Login OK: [344df74adc5f] (from
> client 10.0.0.2 port 291 cli 34:4d:f7:4a:dc:5f)
>
> Tue Jan 24 22:45:04 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
> returned VLAN 130
>
> Tue Jan 24 22:45:04 2017 : Auth: (150) Login OK: [344df74adc5f] (from
> client 10.0.0.2 port 292 cli 34:4d:f7:4a:dc:5f)
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_rest (rest): Closing connection
> (100): Hit idle_timeout, was idle for 131 seconds
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_rest (rest): Closing connection
> (102): Hit idle_timeout, was idle for 131 seconds
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_rest (rest): Closing connection
> (101): Hit idle_timeout, was idle for 124 seconds
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_rest (rest): Opening additional
> connection (103), 1 of 64 pending slots used
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_rest (rest): Need 2 more
> connections to reach 10 spares
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_rest (rest): Opening additional
> connection (104), 1 of 63 pending slots used
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_sql (sql): Closing connection
> (101): Hit idle_timeout, was idle for 131 seconds
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_sql (sql): Closing connection
> (103): Hit idle_timeout, was idle for 131 seconds
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_sql (sql): Closing connection
> (102): Hit idle_timeout, was idle for 124 seconds
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_sql (sql): Opening additional
> connection (104), 1 of 64 pending slots used
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_sql (sql): Need 2 more
> connections to reach 10 spares
>
> Tue Jan 24 22:47:08 2017 : Info: rlm_sql (sql): Opening additional
> connection (105), 1 of 63 pending slots used
>
> Tue Jan 24 22:47:08 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
> returned VLAN 130
>
> Tue Jan 24 22:47:08 2017 : Auth: (151) Login OK: [344df74adc5f] (from
> client 10.0.0.2 port 293 cli 34:4d:f7:4a:dc:5f)
>
> Tue Jan 24 22:47:52 2017 : Info: rlm_rest (rest): Need 1 more
> connections to reach 10 spares
>
> Tue Jan 24 22:47:52 2017 : Info: rlm_rest (rest): Opening additional
> connection (105), 1 of 62 pending slots used
>
> Tue Jan 24 22:47:52 2017 : Info: rlm_sql (sql): Need 1 more
> connections to reach 10 spares
>
> Tue Jan 24 22:47:52 2017 : Info: rlm_sql (sql): Opening additional
> connection (106), 1 of 62 pending slots used
>
> Tue Jan 24 22:47:52 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
> returned VLAN 130
>
> Tue Jan 24 22:47:52 2017 : Auth: (152) Login OK: [344df74adc5f] (from
> client 10.0.0.2 port 294 cli 34:4d:f7:4a:dc:5f)
>
>
>
> Please advice this situation.
>
>
>
> Thanks,
>
> Namjil
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
